OTL logfile created on: 2012-05-05 21:53:24 - Run 2 OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\user\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,96 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 59,33% Memory free 6,13 Gb Paging File | 4,97 Gb Available in Paging File | 81,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 50,78 Gb Total Space | 6,01 Gb Free Space | 11,84% Space Free | Partition Type: NTFS Drive D: | 247,31 Gb Total Space | 25,25 Gb Free Space | 10,21% Space Free | Partition Type: NTFS Computer Name: BARTEKLAPTOP | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-05-05 20:17:27 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe PRC - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010-08-19 10:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DataCardService\DCSHelper.exe PRC - [2010-08-19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DataCardService\DCService.exe PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-04-11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009-03-05 09:42:32 | 000,805,384 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe PRC - [2009-01-21 07:03:00 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010-08-19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\DCService.exe -- (DCService.exe) SRV - [2010-04-26 15:41:20 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009-01-21 07:03:00 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008-09-03 00:38:28 | 000,010,752 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\FUSServices.exe -- (FUSServices) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\user\AppData\Local\Temp\uwtyypoc.sys -- (uwtyypoc) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012-05-05 21:17:14 | 000,335,504 | ---- | M] (BitDefender S.R.L.) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\TrufosAlt.sys -- (TrufosAlt) DRV - [2012-04-04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010-04-09 16:24:18 | 000,069,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV - [2010-04-09 16:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2009-11-02 00:33:43 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009-11-02 00:33:43 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009-09-04 06:34:02 | 000,053,248 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C) DRV - [2009-07-28 08:56:00 | 009,791,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009-06-09 02:23:00 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009-03-23 06:40:00 | 004,232,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2009-01-21 07:03:00 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008-10-09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007-03-28 08:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2006-09-27 00:07:46 | 000,040,256 | ---- | M] ( MM Electronics, DATOM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\kmm4xusb.sys -- (KMM4xUSB) KMM4xUSB Driver (kmm4xusb.sys) DRV - [2000-11-25 11:38:48 | 000,095,484 | ---- | M] (DATOM Dariusz Cielebąk) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\KMM4XNT.SYS -- (Kmm4xNT) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-530722816-3797544453-1258293311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ IE - HKU\S-1-5-21-530722816-3797544453-1258293311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-530722816-3797544453-1258293311-1000\..\SearchScopes,DefaultScope = {A96E29D8-FF04-48E0-B32C-9B1773430216} IE - HKU\S-1-5-21-530722816-3797544453-1258293311-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-530722816-3797544453-1258293311-1000\..\SearchScopes\{A96E29D8-FF04-48E0-B32C-9B1773430216}: "URL" = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-530722816-3797544453-1258293311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-530722816-3797544453-1258293311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\blueconnect\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{282DC27A-9DED-494B-9F79-AB9C857CAB84}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A102CA8-F7C1-45E4-B096-6F6636DA3631}: DhcpNameServer = 94.251.160.14 94.251.182.11 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4c70ec35-f7cb-11de-b8fc-00269e4376bd}\Shell\AutoRun\command - "" = G:\cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż˛ O33 - MountPoints2\{4c70ec35-f7cb-11de-b8fc-00269e4376bd}\Shell\Explore\Command - "" = G:\cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż˛ O33 - MountPoints2\{4c70ec35-f7cb-11de-b8fc-00269e4376bd}\Shell\open\command - "" = G:\cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż˛ O33 - MountPoints2\{b60229c8-0e9b-11e1-8c7c-00269e4376bd}\Shell - "" = AutoRun O33 - MountPoints2\{b60229c8-0e9b-11e1-8c7c-00269e4376bd}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b60229d4-0e9b-11e1-8c7c-00269e4376bd}\Shell - "" = AutoRun O33 - MountPoints2\{b60229d4-0e9b-11e1-8c7c-00269e4376bd}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{bcd3a231-003c-11df-8c6c-00269e4376bd}\Shell\AutoRun\command - "" = F:\SLATKO/torta.exe O33 - MountPoints2\{bcd3a231-003c-11df-8c6c-00269e4376bd}\Shell\explore\command - "" = F:\SLATKO/torta.exe O33 - MountPoints2\{bcd3a231-003c-11df-8c6c-00269e4376bd}\Shell\open\command - "" = F:\SLATKO/torta.exe O33 - MountPoints2\{d76e05ae-63da-11df-ad20-00269e4376bd}\Shell\AutoRun\command - "" = G:\EXPLORER.EXE O33 - MountPoints2\{d76e05ae-63da-11df-ad20-00269e4376bd}\Shell\explore\Command - "" = G:\EXPLORER.EXE O33 - MountPoints2\{d76e05ae-63da-11df-ad20-00269e4376bd}\Shell\open\Command - "" = G:\EXPLORER.EXE O33 - MountPoints2\{fe083150-b695-11df-87dd-00269e4376bd}\Shell\ArcaVir\command - "" = G:\ArcaSetupExecutor.exe O33 - MountPoints2\{fe083150-b695-11df-87dd-00269e4376bd}\Shell\AutoRun\command - "" = G:\ArcaSetupExecutor.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-05-05 21:27:20 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\raporty 1 [2012-05-05 21:17:14 | 000,335,504 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys [2012-05-05 21:15:45 | 007,396,728 | ---- | C] (BitDefender LLC) -- C:\Users\user\Desktop\BDRemovalTool_sirefef_x86.exe [2012-05-05 21:09:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes [2012-05-05 21:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-05-05 21:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-05-05 21:09:26 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012-05-05 21:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012-05-05 21:06:22 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.51.2.1300.exe [2012-05-05 20:17:26 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2012-05-05 19:59:48 | 000,675,896 | ---- | C] (Duplex Secure Ltd.) -- C:\Users\user\Desktop\SPTDinst-v181-x86.exe [2012-05-05 19:44:35 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\QuickScan [2012-05-05 19:00:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\ArcaVirMicroScan [2012-05-05 18:40:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012-05-05 14:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012-04-26 09:30:08 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Lumix G2 [2012-04-11 17:38:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012-04-11 17:38:46 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012-04-11 17:38:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012-04-11 17:38:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012-04-11 17:38:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012-04-11 17:38:43 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012-04-11 17:38:22 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012-04-11 17:38:22 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-05-05 21:53:26 | 005,505,024 | -HS- | M] () -- C:\Users\user\NTUSER.DAT [2012-05-05 21:17:14 | 000,335,504 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys [2012-05-05 21:15:49 | 007,396,728 | ---- | M] (BitDefender LLC) -- C:\Users\user\Desktop\BDRemovalTool_sirefef_x86.exe [2012-05-05 21:10:44 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-05-05 21:06:22 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.51.2.1300.exe [2012-05-05 20:44:21 | 000,029,641 | ---- | M] () -- C:\Users\user\intlname.ols [2012-05-05 20:26:27 | 000,302,592 | ---- | M] () -- C:\Users\user\Desktop\9k95t7k7.exe [2012-05-05 20:17:27 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2012-05-05 20:09:03 | 001,495,264 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2012-05-05 20:09:03 | 000,672,140 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-05-05 20:09:03 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-05-05 20:09:03 | 000,130,516 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-05-05 20:09:03 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-05-05 20:05:45 | 000,184,942 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012-05-05 20:05:44 | 000,184,942 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012-05-05 20:02:17 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012-05-05 20:02:17 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012-05-05 20:02:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2012-05-05 20:02:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-05-05 20:02:06 | 3184,451,584 | -HS- | M] () -- C:\hiberfil.sys [2012-05-05 20:01:27 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2012-05-05 20:01:27 | 000,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2012-05-05 20:01:23 | 004,057,921 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db [2012-05-05 19:59:48 | 000,675,896 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\user\Desktop\SPTDinst-v181-x86.exe [2012-05-05 14:22:09 | 000,507,298 | ---- | M] () -- C:\Users\user\Desktop\9 działek.jpg [2012-05-04 12:15:07 | 000,039,213 | ---- | M] () -- C:\Users\user\Desktop\Kosztorys Bieruń prognoza kwiecień.KST [2012-04-30 09:30:38 | 000,001,356 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat [2012-04-26 08:44:06 | 000,120,352 | ---- | M] () -- C:\Users\user\Desktop\516609190412_faktura.pdf [2012-04-11 17:33:36 | 000,000,275 | ---- | M] () -- C:\Windows\win.ini [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-05-05 21:10:44 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-05-05 20:26:27 | 000,302,592 | ---- | C] () -- C:\Users\user\Desktop\9k95t7k7.exe [2012-05-05 14:22:09 | 000,507,298 | ---- | C] () -- C:\Users\user\Desktop\9 działek.jpg [2012-05-04 12:15:07 | 000,039,213 | ---- | C] () -- C:\Users\user\Desktop\Kosztorys Bieruń prognoza kwiecień.KST [2012-04-26 08:44:05 | 000,120,352 | ---- | C] () -- C:\Users\user\Desktop\516609190412_faktura.pdf [2011-10-12 09:35:05 | 004,057,921 | -H-- | C] () -- C:\Users\user\AppData\Local\IconCache.db [2011-02-11 13:29:58 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin [2010-09-27 12:27:27 | 000,024,576 | ---- | C] () -- C:\Windows\System32\LXEBsmr.dll [2010-09-27 12:27:24 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEBsm.dll [2010-09-08 10:56:26 | 000,055,296 | ---- | C] () -- C:\Windows\System32\LFOGRPJL.DLL [2010-09-08 10:56:26 | 000,016,896 | ---- | C] () -- C:\Windows\System32\LFOGRPOW.EXE [2010-09-08 10:56:26 | 000,013,312 | ---- | C] () -- C:\Windows\System32\LFOGRCOI.DLL [2010-06-03 11:31:44 | 000,224,163 | ---- | C] () -- C:\Windows\hpwins26.dat [2010-06-03 11:31:44 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat [color=#E56717]========== LOP Check ==========[/color] [2012-05-05 19:15:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ArcaVirMicroScan [2011-10-23 17:45:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Autodesk [2011-11-14 11:11:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\blueconnect [2010-12-28 19:17:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BSplayer PRO [2010-12-24 00:53:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FreeAudioPack [2012-04-27 21:55:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IrfanView [2011-07-24 20:50:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mirillis [2009-11-03 23:01:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia [2011-10-24 15:02:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite [2012-05-05 19:44:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\QuickScan [2009-11-21 16:04:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\XRay Engine [2012-05-05 20:01:30 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:51394AA5 < End of report >